Top 35 Postman
Interview Questions
Deep-dive answers with test scripts, assertions, Newman setups, and mock servers. Handpicked for QA and SDET engineers to ace API testing interviews.
Mastering REST Assured too?
Speed up your backend testing with our Rest Assured 100+ Commands Cheat Sheet.
What is Postman, and why is it used in API testing?
Postman is an interactive, collaborative API development and testing platform. Originally built as a browser extension, it has evolved into a comprehensive desktop application that allows engineers to design, build, test, mock, and document REST, SOAP, GraphQL, and WebSocket APIs.
Deep Dive Explanation
In QA testing, Postman is highly valued because it abstracts complex HTTP protocols into a clean, visual interface. It enables manual testers to easily construct requests, inspect responses, and validate headers/cookies, while allowing automation engineers to write JavaScript-based assertion suites that run headlessly in CI/CD pipelines via the Newman CLI.
How do you send a GET request in Postman?
To send a GET request: 1) Open a new request tab, 2) Select 'GET' from the HTTP method dropdown list, 3) Enter the target endpoint URL in the address box, 4) Add query parameters in the 'Params' tab if needed, and 5) Click 'Send'.
Deep Dive Explanation
Since GET requests are designed to retrieve data without modifying database states, they do not support a request body. Postman disables the 'Body' tab when the GET method is selected, ensuring compliance with HTTP standards.
What are the different HTTP methods supported by Postman?
Postman supports all standard HTTP methods: GET (retrieve data), POST (create data), PUT (replace data), PATCH (partially update data), DELETE (remove data), HEAD (retrieve headers only), OPTIONS (inspect allowed methods), and custom methods if needed.
Deep Dive Explanation
Under the hood, these HTTP methods (or verbs) define the exact semantic action to be executed on the resource server. Postman aligns its UI to these methods, enabling testers to supply bodies for POST/PUT/PATCH while restricting them for GET/DELETE.
How do you add query parameters in Postman?
You add query parameters by navigating to the 'Params' tab directly underneath the URL bar. Enter your key-value pairs in the grid, and Postman will automatically encode and append them to the end of the URL starting with a '?' symbol.
Deep Dive Explanation
For example, adding `page = 2` and `limit = 10` in the Params grid will transform `https://api.example.com/users` into `https://api.example.com/users?page=2&limit=10`. This eliminates manual URL formatting and prevents query parameter encoding errors.
// Example of how Postman constructs the parameterized URL
GET https://api.example.com/users?status=active&role=adminWhat is the difference between Params and Body in Postman?
Params (Query Parameters) are part of the URL query string, usually used in GET requests to filter, sort, or paginate data. Body is the payload content sent inside the HTTP request stream, typically used in POST/PUT/PATCH requests to transmit complex data structures.
Deep Dive Explanation
Params are fully visible in the browser address bar, server access logs, and referral links, making them unsafe for sensitive data (like passwords). Body payloads are sent separately in the HTTP request stream, support multiple data formats (JSON, XML, form-data), and can carry large datasets securely.
How do you import and export collections in Postman?
To export, click the three dots (...) next to a Collection, select 'Export', choose 'Collection v2.1 (Recommended)', and save the JSON file. To import, click the 'Import' button in the top left of the workspace and drag-and-drop the exported JSON file, folder, or link.
Deep Dive Explanation
Postman collections are stored natively as structured JSON files. This makes them highly compatible with version control systems like Git, allowing QA teams to share, merge, and run automated regression suites easily.
What are workspaces in Postman?
Workspaces are collaborative environments that organize API assets (collections, environments, integrations, and monitors). They act as shared workspaces where developers and QAs can collaborate in real-time, preventing resource duplication.
Deep Dive Explanation
Postman offers different workspace scopes: Personal Workspaces (isolated for individual use), Team Workspaces (shared with your organization for real-time collaboration), and Public Workspaces (open source or visible to everyone for public API developer portals).
What is the purpose of Collections in Postman?
Collections are logical groups of related API requests. They are used to organize testing workflows, save request history, execute batch automation runs (using the Collection Runner), parameterize variables, and set up dynamic pre-request/test scripts.
Deep Dive Explanation
By group-saving individual requests, Collections act as living documentation. Rather than recreating tests from scratch, a QA engineer can open a Collection, view predefined setups, run an entire regression suite with one click, and share resources easily.
How do you send a POST request with a JSON payload in Postman?
To send a JSON POST request: 1) Select 'POST' as the method, 2) Navigate to the 'Body' tab, 3) Select the 'raw' radio button, 4) Choose 'JSON' from the dropdown list, and 5) Input your raw JSON schema inside the editor.
Deep Dive Explanation
Selecting 'raw' and 'JSON' instructs Postman to automatically inject the crucial `Content-Type: application/json` header into your request, telling the target server how to parse the incoming stream.
// 1. Set HTTP Method to POST
// 2. Select Body -> raw -> JSON
{
"name": "Alex Mercer",
"email": "alex.m@example.com",
"roles": ["QA", "SDET"]
}How do you pass headers in Postman?
To pass headers, navigate to the 'Headers' tab below the URL bar. Enter your custom header fields in the key-value grid (e.g. key: `Content-Type`, value: `application/json`). Postman also automatically generates hidden auto-generated headers, which can be viewed by clicking '7 hidden'.
Deep Dive Explanation
Headers play a critical role in API communication, providing metadata like content descriptions (`Content-Type`), auth tokens (`Authorization`), caching rules (`Cache-Control`), or client identifiers (`User-Agent`).
// Common headers in API testing
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Accept: application/json
Content-Type: application/jsonWhat are Environments in Postman? How do you use them?
Environments are key-value sets of variables that represent target server deployment zones (e.g., Dev, QA, Staging, Production). You toggle between environments using the environment dropdown in the top right, allowing you to run the same test suite against different endpoints without modifying request URLs manually.
Deep Dive Explanation
Instead of hardcoding a URL like `https://qa-api.company.com/users`, you write `{{baseUrl}}/users` and store `baseUrl` as an environment variable in both your QA and Staging environments. When you select the QA environment, Postman resolves the variable dynamically to the QA server path.
// Define variables in your Environment file:
baseUrl = https://qa-api.company.com
adminToken = eyJhbGciOiJIUz...
// In Postman URL Bar:
{{baseUrl}}/api/v1/auth/loginWhat are Global, Environment, and Collection variables in Postman?
Postman uses variable scopes to manage configurations at different levels: Global (accessible across all collections in a workspace), Environment (active only when a specific environment file is selected), and Collection (active across all requests within a specific collection).
Deep Dive Explanation
Postman resolves variables following a strict scope hierarchy: Local (closest) β Data (from CSV/JSON files) β Environment β Collection β Global (broadest). If a variable with the same key name is defined in both Collection and Environment, Postman will resolve to the Environment scope value as it overrides broader scopes.
How do you use test scripts in Postman?
You write test scripts inside the 'Tests' tab using JavaScript and Postman's native `pm` library. These scripts execute automatically as soon as a response is received back from the server, allowing you to assert status codes, response times, headers, and body payloads.
Deep Dive Explanation
Postman provides built-in code snippet shortcuts on the right side of the script editor for common test cases. Test failures are color-coded in red within the 'Test Results' tab in the response console, helping testers spot bugs instantly.
// Verify HTTP 200 OK and response format
pm.test("Status code is 200", function () {
pm.response.to.have.status(200);
});
pm.test("Response is JSON", function () {
pm.response.to.be.withBody;
pm.response.to.be.json;
});What is the difference between Pre-request Scripts and Tests in Postman?
Pre-request Scripts execute *before* the HTTP request is sent to the server. They are used to generate dynamic data, set headers dynamically, or sign requests. Tests scripts execute *after* the response is received, primarily used to run assertions and handle data storage for request chaining.
Deep Dive Explanation
Pre-request scripts are ideal for setup operations like generating a dynamic timestamp or hashing credentials. Tests are ideal for teardown/assertion operations, such as extracting an ID from the response and saving it to an environment variable for the next request.
// --- Pre-request Script (Runs Before) ---
// Generate a unique email dynamically for a signup test
const randomId = Math.floor(Math.random() * 100000);
pm.environment.set("tempEmail", "testuser" + randomId + "@qa.com");
// --- Tests Script (Runs After) ---
// Verify server registered the email successfully
pm.test("Registration successful", function () {
pm.expect(pm.response.json().message).to.eql("User created");
});What is the Collection Runner in Postman?
The Collection Runner is a built-in Postman utility that executes all requests within a collection in a sequence (or a custom order). It supports configuring iteration counts, importing external CSV or JSON test data files, pausing between calls, and exporting comprehensive execution reports.
Deep Dive Explanation
Collection Runner is the backbone of local API automation in Postman. It allows QA engineers to run sanity tests, regression suites, and data-driven tests (e.g. running a creation flow 50 times with different parameters from an imported spreadsheet) directly from the UI.
What authentication methods are supported by Postman?
Postman natively supports standard authentication protocols: Inherit Auth from Parent (default), No Auth, API Key, Bearer Token, Basic Auth, Digest Auth, OAuth 1.0, OAuth 2.0, Hawk Authentication, AWS Signature, and NTLM Authentication.
Deep Dive Explanation
Rather than forcing you to format authentication headers manually, Postman provides dedicated input forms for each auth type. When you select an auth type and input details (like username/password for Basic Auth), Postman automatically encodes the values and injects the proper HTTP headers (e.g. `Authorization: Basic dGVzdHVzZXI6cGFzc3dvcmQ=`) at send-time.
How do you handle OAuth authentication in Postman?
In the 'Authorization' tab, select 'OAuth 2.0'. In the configuration panel, input the Auth URL, Access Token URL, Client ID, Client Secret, Scope, and Grant Type. Click 'Get New Access Token' to trigger the auth flow, and Postman will automatically fetch and apply the bearer token for your subsequent API calls.
Deep Dive Explanation
Postman acts as the OAuth client. It can spin up an embedded web browser to handle interactive login flows (like Google or Azure AD SSO portals), receive the callback redirect containing the authorization code, exchange it for the Access Token behind the scenes, and handle token refreshes automatically.
// Alternatively, automate OAuth 2.0 Client Credentials token fetch in a Pre-request Script:
pm.sendRequest({
url: 'https://auth.example.com/oauth/token',
method: 'POST',
header: { 'Content-Type': 'application/x-www-form-urlencoded' },
body: {
mode: 'urlencoded',
urlencoded: [
{ key: 'grant_type', value: 'client_credentials' },
{ key: 'client_id', value: pm.environment.get('clientId') },
{ key: 'client_secret', value: pm.environment.get('clientSecret') }
]
}
}, function (err, res) {
if (!err) {
pm.environment.set("accessToken", res.json().access_token);
}
});How do you automate API testing using Postman?
API automation in Postman is achieved by combining three elements: 1) Writing JavaScript test assertions inside the 'Tests' tab of your requests, 2) Grouping requests in structured Collections, and 3) Running them headlessly in CI/CD pipelines via the Newman CLI.
Deep Dive Explanation
By avoiding hardcoded variables and instead utilizing environment scopes, pre-request dynamic data generators, and request chaining, a QA architect can build a highly robust, hands-free automation framework. Newman will run these tests headlessly and report execution details back to Jenkins, GitHub Actions, or Azure DevOps.
What is Newman, and how do you use it?
Newman is the official, open-source command-line collection runner for Postman. It is built on Node.js and allows you to run Postman collections headlessly directly from your command-line interface, terminal, or build machine without opening the Postman desktop application.
Deep Dive Explanation
Newman acts as the execution engine for Postman automation in CI/CD. It accepts an exported Collection JSON file (and optionally an Environment JSON file) as input, executes the API calls, evaluates the embedded test scripts, and generates multiple report formats (CLI, HTML, JUnit XML).
# 1. Install Newman globally via npm
npm install -g newman
# 2. Run a collection with environment variables and generate an HTML report
newman run my_collection.json -e my_env.json -r cli,html --reporter-html-export report.htmlHow do you validate JSON responses in Postman?
You validate JSON responses inside the 'Tests' tab by parsing the response body into a JavaScript object via `pm.response.json()`, and writing assertions using the bundled Chai assertion library.
Deep Dive Explanation
Chai provides a clean, readable syntax (`expect`) to assert data types, verify array lengths, check specific values, or enforce strict object schemas.
// Complex JSON validation example
const jsonData = pm.response.json();
pm.test("Verify user structure", function () {
pm.expect(jsonData).to.be.an('object');
pm.expect(jsonData.id).to.be.a('number');
pm.expect(jsonData.username).to.eql("alex_sdet");
pm.expect(jsonData.roles).to.include("admin");
pm.expect(jsonData.address.zipcode).to.match(/^\d{5}$/); // RegEx zip check
});What is the purpose of the Tests tab in Postman?
The 'Tests' tab is the execution playground for post-request scripts. It runs automatically inside a sandboxed JavaScript environment immediately after a request finishes, serving as the central hub for executing assertions, validating schemas, logging parameters, and setting environment variables.
Deep Dive Explanation
Because the sandbox provides a standard ES6 execution environment along with popular libraries (like lodash, cheerio, and ajv), you can run complex test logic, evaluate loops, parse HTML, or run JSON schema validators on every server response.
How do you check response status codes in Postman tests?
You check response status codes using Postman's built-in `pm.response` assertion helpers. You can check for exact numbers, use semantic name validation, or verify a range of allowed codes.
Deep Dive Explanation
Validating status codes is the first line of defense in API testing. It ensures the server responded with the correct semantic result (e.g. 201 Created vs 409 Conflict) before parsing the body payload.
// Verify exact status code
pm.test("Status code is 201", function () {
pm.response.to.have.status(201);
});
// Verify status message/semantic text
pm.test("Status is Created", function () {
pm.response.to.have.status("Created");
});
// Verify response is successful (any 2xx code)
pm.test("Successful request", function () {
pm.expect(pm.response.code).to.be.oneOf([200, 201, 202, 204]);
});How do you chain requests in Postman using variables?
Request chaining is achieved by: 1) Sending a request to retrieve data, 2) Extracting the target value in its 'Tests' script, 3) Saving it as an environment or collection variable, and 4) Referencing that variable using double curly braces `{{variableName}}` in the URL, header, or body of subsequent requests.
Deep Dive Explanation
This allows you to construct dynamic workflows, such as calling a `/login` endpoint, extracting the JWT token, saving it to `{{activeToken}}`, and automatically sending it in the `Authorization: Bearer {{activeToken}}` header for all subsequent API requests.
// --- Step 1: In the 'Tests' tab of GET /users ---
const resData = pm.response.json();
const firstUserId = resData.data[0].id;
pm.environment.set("targetUserId", firstUserId);
// --- Step 2: In the next request (GET /users/{{targetUserId}}) ---
// URL bar: {{baseUrl}}/users/{{targetUserId}}
// Postman will resolve targetUserId dynamically to the extracted ID!How do you handle dynamic values in API testing with Postman?
Dynamic values are handled using Postman's built-in dynamic variables (prefixed with a `$`) directly in your endpoints/bodies, or by using JavaScript's native generators (like `Math.random()`, `Date.now()`, or the bundled `uuid` library) in your Pre-request Scripts.
Deep Dive Explanation
Postman provides dozens of built-in dynamic generators, such as `{{$randomFirstName}}`, `{{$randomEmail}}`, `{{$guid}}`, and `{{$randomInt}}`. When injected into body payloads or headers, Postman compiles them into realistic fake data at execution time.
// Using dynamic variables in POST raw JSON Body:
{
"email": "{{$randomEmail}}",
"uuid": "{{$guid}}",
"transactionAmount": {{$randomInt}}
}
// Or programmatically in a Pre-request Script:
const timestamp = new Date().toISOString();
pm.environment.set("requestTimestamp", timestamp);What is a Mock Server in Postman, and how do you use it?
A Postman Mock Server is a cloud-hosted simulator that returns preconfigured mock responses (based on saved request Examples). It allows frontend developers or QA engineers to execute tests against a realistic simulated backend before the actual API is built or when the staging server is offline.
Deep Dive Explanation
To use mock servers, you save target responses as 'Examples' in your Collection, define matching rules (matching headers/methods), and spin up a Mock Server. Postman generates a unique URL (e.g., `https://mock-uuid.mock.pstmn.io`). When requests hit this URL, Postman's matching engine returns your saved example JSON automatically, matching the request parameters.
How do you integrate Postman with CI/CD pipelines?
Postman is integrated into CI/CD pipelines by running the Newman CLI runner inside your pipeline scripts (e.g., Jenkinsfile, GitHub Actions yaml, GitLab CI yaml). The pipeline fetches code, installs Node.js and Newman, executes the test suite, and generates XML reports that the CI system parses for pass/fail checks.
Deep Dive Explanation
By running Newman inside docker containers, you ensure execution environments are completely isolated. Pipelines can be configured to execute tests automatically on every PR commit, blocking merge deployments if Newman reports a test assertion failure.
# Example GitHub Actions Workflow file (.github/workflows/api-tests.yml)
name: API Regression Suite
on: [push, pull_request]
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Install Node.js
uses: actions/setup-node@v3
with:
node-version: '18'
- name: Install Newman
run: npm install -g newman newman-reporter-htmlextra
- name: Execute Tests
run: newman run ./collections/users_api.json -e ./config/qa_env.json -r cli,htmlextra --reporter-htmlextra-export ./reports/index.html
- name: Archive Reports
uses: actions/upload-artifact@v3
with:
name: api-test-report
path: ./reports/index.htmlWhat are Postman Monitors, and how do they work?
Postman Monitors are cloud-based cron triggers that execute collections at scheduled intervals (e.g. hourly, daily) in the Postman cloud. They monitor API availability, latency, correctness, and performance from multiple geographic regions, sending alerts via Slack or Email on failure.
Deep Dive Explanation
Unlike runner integrations that trigger only during code changes, Monitors act as real-time API health checks. They execute your embedded assertions against your production endpoints 24/7, serving as an early-warning system for API outages or database memory leaks.
How do you generate API documentation in Postman?
Postman automatically generates web-based API documentation directly from your Collections. By adding clear descriptions to collections, folders, and individual requests (supporting Markdown formatting), and saving successful response Examples, you can generate a professional, interactive public/private API portal with a single click.
Deep Dive Explanation
This documentation is dynamic and keeps itself updated as you modify the collection. It automatically generates code snippets in multiple programming languages (Java, Python, Javascript, cURL), allowing external developers to copy integration steps instantly.
How do you use Postman to test SOAP APIs?
To test SOAP APIs in Postman: 1) Set the HTTP method to 'POST', 2) Set the 'Content-Type' header to `text/xml` (or `application/soap+xml`), 3) Navigate to the 'Body' tab, select 'raw' and choose 'XML', and 4) Input the full SOAP envelope (with body and parameters) inside the XML editor.
Deep Dive Explanation
Since SOAP relies entirely on XML schemas passed over HTTP POST, Postman's raw XML editor serves as an ideal interface. You can write Pre-request scripts and Test assertions on SOAP responses just like REST APIs, parsing XML structures using libraries like `xml2js` inside your script.
// 1. SOAP XML Payload inside POST Body:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetStockPrice xmlns="http://www.example.com/stocks">
<StockSymbol>GOOG</StockSymbol>
</GetStockPrice>
</soap:Body>
</soap:Envelope>
// 2. Parse XML response inside the 'Tests' tab:
const xmlResponse = pm.response.text();
xml2js.parseString(xmlResponse, function (err, result) {
const price = result['soap:Envelope']['soap:Body'][0].GetStockPriceResponse[0].Price[0];
pm.test("Validate Stock Price", function () {
pm.expect(parseFloat(price)).to.be.greaterThan(100);
});
});How do you handle error responses in Postman tests?
Handling error responses involves writing assertions that verify the API fails gracefully when negative inputs are supplied. You should assert the appropriate 4xx/5xx status code, verify the error header type, and validate the structural schema of the returned error payload.
Deep Dive Explanation
Testing APIs for success path is only half the battle. Good QA test suites include 'negative test cases' to assert validation bounds. For example, supplying a null username to a signup API should return exactly a `400 Bad Request` containing a specific array of error strings.
// Example of validating a 400 Bad Request error response
pm.test("Status code is 400", function () {
pm.response.to.have.status(400);
});
pm.test("Verify error payload details", function () {
const errorJson = pm.response.json();
pm.expect(errorJson.error).to.eql("ValidationFailed");
pm.expect(errorJson.details).to.include("Email address is malformed");
});How do you debug API requests in Postman?
To debug API requests: 1) Open the 'Postman Console' (View -> Show Postman Console or click 'Console' in the bottom left), 2) Inspect the detailed execution flow, including raw request/response headers, sent body payloads, and connection logs, and 3) Inject logging commands like `console.log()` into Pre-request/Tests scripts.
Deep Dive Explanation
The Postman Console is the single most valuable tool for troubleshooting failing tests. It captures SSL handshakes, network redirections, dynamic variable compilation logs, and sandbox errors, helping you spot credential or formatting bugs immediately.
// Inject logs inside script editor to debug values
const responseJson = pm.response.json();
console.log("Extracted JWT Token: ", responseJson.token);
console.warn("Response Latency was high: ", pm.response.responseTime);What are scripts in Postman, and how can they be used to enhance API testing?
Scripts in Postman refer to Pre-request and Tests JavaScript files that execute within sandboxed VM execution contexts. They enhance API testing by allowing teams to automate token handshakes, encrypt payloads, write complex data validations, and control collection execution flows dynamically.
Deep Dive Explanation
By utilizing scripts, you can control the execution sequence of requests. By default, the Collection Runner runs sequentially. However, by calling `postman.setNextRequest('requestName')`, you can build conditional loops, skip requests based on data criteria, or trigger recursion scripts.
// Conditional Branching in a Test Script:
const jsonData = pm.response.json();
if (jsonData.status === "completed") {
// Jump straight to the billing receipt verification request
postman.setNextRequest("Get Billing Receipt");
} else {
// Loop back to poll the status request again
postman.setNextRequest("Check Job Status");
}How do you test GraphQL APIs in Postman?
To test GraphQL in Postman: 1) Open a new request, 2) Select 'POST' as the method, 3) Select the 'Body' tab, 4) Choose the 'GraphQL' radio button, and 5) Input your GraphQL Query or Mutation on the left editor panel, and pass variables on the right variables JSON panel.
Deep Dive Explanation
Postman provides built-in autocompletion for GraphQL. By supplying a schema URL or enabling schema introspection, Postman automatically fetches query structures, fields, and types, allowing QA engineers to write clean GraphQL requests without syntax errors.
// GraphQL Query:
query GetUser($userId: ID!) {
user(id: $userId) {
name
email
active
}
}
// Variables Panel (JSON):
{
"userId": "12345"
}How do you handle file uploads in Postman?
To handle file uploads: 1) Select 'POST' as the method, 2) Navigate to the 'Body' tab, 3) Select the 'form-data' radio button, 4) Enter a key name, hover over the right side of the key field, and select 'File' from the dropdown list, and 5) Click 'Select Files' to upload a file from your local filesystem.
Deep Dive Explanation
Selecting form-data and uploading a file tells Postman to format the request as a `multipart/form-data` stream. Postman automatically sets the boundary parameters and maps binary headers, allowing you to test file upload APIs seamlessly.
What are the advantages of using Postman over other API testing tools?
Postman's primary advantages include: 1) A highly visual, premium user interface that reduces the barrier of entry for manual QAs, 2) Seamless real-time collaboration with workspaces, 3) Robust JavaScript scripting for complex automation, 4) Headless Newman runner for CI/CD, and 5) Built-in mock servers and API documentation portals.
Deep Dive Explanation
While code-based tools (like REST-Assured, Axios, or Playwright API) offer extreme flexibility for developers, they lack visual debugging dashboards. Postman bridges this gap by acting as a 'unified API platform', enabling QA manual testers and automation leads to collaborate on the exact same collections, speeding up release timelines.
Finished practicing?
Head back to the main lobby to explore more interview prep tracks and dashboard tools.